Conference paper

Authenticated multi-party key agreement

We examine key agreement protocols providing: (i) key authentication, (ii) key confirmation, and (iii) forward secrecy. Attacks are presented against previous two-party key agreement schemes and we subsequently present a protocol providing the properties listed above. A generalization of the Burmester-Desmedt (BD) model (Eurocrypt, 1994) for multi-party key agreement is given, allowing a transformation of any two-party key agreement protocol into a multi-party protocol. A multi-party scheme (based on the general model and a specific 2-party scheme) is presented that reduces the number of rounds required for key computation compared to the specific BD scheme. It is also shown how the specific BD scheme fails to provide key authentication

Related material